Everything has security problems, even Linux. An old and obscure problem with the gcc compiler was recently discovered to have left a security hole in essentially every version of Linux that anyone is likely to be running. Here’s what you need to know about fixing it.
The problem itself was discovered by Brad Spengler, the hacker behind the open-source network and server security program, grsecurity. What he found was that in some network code, there was a procedure that included a variable that could be set to NULL (no value at all). Now, this didn’t appear to be a problem because the programmer also included a test which would return an error-message if the variable turned out to have a NULL value.
So far, so good. Unfortunately, the gcc code optimizer on finding that a variable has been assigned a NULL value removed the test! This left a hole, that didn’t exist in the original program. Using this hole, and code provided by Spengler, any cracker with sufficient access to a Linux computer could get into the computer’s memory and, from there, get into all kinds of mischief. For more on the down and dirty technical details, turn to Jonathan Corbet’s story, “Fun with NULL Pointers.”